CVE-2016-3001
Published on: 09/25/2016 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:27:02 PM UTC
Certain versions of Connections from Ibm contain the following vulnerability:
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-3003 and CVE-2016-3006.
- CVE-2016-3001 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.
CVSS3 Score: 5.4 - MEDIUM
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
---|---|---|---|
NETWORK | LOW | LOW | REQUIRED |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
CHANGED | LOW | LOW | NONE |
CVSS2 Score: 3.5 - LOW
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | MEDIUM | SINGLE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
NONE | PARTIAL | NONE |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
IBM Connections CVE-2016-3001 Unspecified Cross Site Scripting Vulnerability | cve.report (archive) text/html | BID 93172 |
IBM notice: The page you requested cannot be displayed | Broken Link www-01.ibm.com text/html Inactive LinkNot Archived | AIXAPAR LO89962 |
IBM Security Bulletin: IBM Connections Security Update for Multiple Vulnerabilities - United States | Patch Vendor Advisory web.archive.org text/html Inactive LinkNot Archived | CONFIRM www-01.ibm.com/support/docview.wss?uid=swg21989067 |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Ibm | Connections | 4.0.0.0 | All | All | All |
Application | Ibm | Connections | 4.5.0.0 | All | All | All |
Application | Ibm | Connections | 5.0.0.0 | All | All | All |
Application | Ibm | Connections | 5.5.0.0 | All | All | All |
Application | Ibm | Connections | 4.0.0.0 | All | All | All |
Application | Ibm | Connections | 4.5.0.0 | All | All | All |
Application | Ibm | Connections | 5.0.0.0 | All | All | All |
Application | Ibm | Connections | 5.5.0.0 | All | All | All |
- cpe:2.3:a:ibm:connections:4.0.0.0:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:connections:4.5.0.0:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:connections:5.0.0.0:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:connections:5.5.0.0:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:connections:4.0.0.0:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:connections:4.5.0.0:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:connections:5.0.0.0:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:connections:5.5.0.0:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE